v5 trained on 598 ex/task (20× v4's 30), with --defang-frac 0.5 over
the new ThreatFox + MalwareBazaar + OTX corpus. Final train_loss 0.3225
vs v4's 0.7397 (56% reduction), 60m20s wall clock on a 3090.
Live eval before swap:
- severity (botnet, ONLINE): v4 high / v5 high — tied, both correct
- ioc_extraction with defanged input (hxxps://, [.], (.), [dot]):
v4 kept hxxps:// in output (failed canonicalization)
v5 returned canonical https:// — defang training paid off
- ioc_extraction on real OTX-style prose (never trained on this shape):
v5 cleanly extracted 2 domains + 1 IP + 1 SHA256 + 1 CVE
Cockpit /api/inference-status confirms the swap:
{"online":true,"adapter":"/data/adapters/psyc-v5/final"}
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Three load-bearing operational pieces before any new features:
* .env.example committed, .env gitignored — per-developer API keys
(THREATFOX_AUTH_KEY, OTX_API_KEY, NVD_API_KEY) ready for the registrations
ahead; python-dotenv loads it in the venv CLI; compose picks it up via
env_file: .env on the cockpit service.
* Cockpit /api/inference-status endpoint + a topbar status chip that polls it
on page load — "model · live" green when up, "model · offline" amber when
the inference server is unreachable. No more manual checking. Compose also
gains a healthcheck on the inference service (applies on next recreate).
* New `psyc backup` command — tars the audit trail (db + sealed packages +
recipient keys + ledger + datasets) to data/backups/psyc-data-<ts>.tar.gz.
Excludes the HF model cache, mock-cert receipts, and the re-trainable
adapters — the goal is the irrecoverable evidence, not bulk artifacts.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
psyc now runs as a single docker compose stack — cockpit + mock-cert +
(gpu-profile) inference — on the shared external `backend` network, fronted
by nginx-proxy as psyc.neuronetz.ai. Replaces the venv processes + one-off
docker run. MOCK_CERT_BASE and INFERENCE_URL are now env-configurable
(PSYC_MOCK_CERT_URL / PSYC_INFERENCE_URL) so the cockpit reaches the other
services by compose service name. Restart policies + healthchecks. deploy.md
rewritten to match.
Verified: cockpit serves directly and via the proxy; the full
scout→…→courier→ledger chain runs over the compose network.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Lean python:3.12-slim platform image (cockpit + CLI + workers, 214 MB — no GPU,
no model). docker-compose.yml runs cockpit + mock-cert on a persistent
psyc-data volume. DATA_DIR is now overridable via PSYC_DATA_DIR so the
container's data path is explicit. docs/deploy.md covers Proxmox hosting,
first-run ingestion, and the honest caveats — no built-in auth (deploy behind
the perimeter), the GPU model server is separate, egress-proxy config.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
